skills/spences10/skills/nopeek/Gen Agent Trust Hub

nopeek

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill relies on pnpx nopeek, which downloads and executes the 'nopeek' package from the npm registry at runtime. This execution occurs during initialization, loading of secrets, and session start hooks, creating a dependency on external code that could be compromised.
  • [DATA_EXPOSURE]: The skill is designed to scan and migrate sensitive configuration files, specifically targeting cloud CLI credentials (e.g., AWS, hcloud, kubectl, gcloud, Azure) and local .env files. Accessing these sensitive paths (like ~/.aws/credentials) is a high-risk operation, though it is the primary stated purpose of the tool.
  • [PERSISTENCE_MECHANISMS]: The skill implements SessionStart hooks (session-load.sh) to automatically load stored keys and CLI profiles whenever an agent session begins. This ensures persistent access to secrets across sessions and automatic execution of scripts upon agent startup.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands that modify the local environment and interact with security configurations. This includes the pnpx nopeek init command, which modifies cloud CLI authentication profiles.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from .env files and third-party CLI outputs. While it includes redaction logic, the ingestion of external data to set environment variables or influence tool output provides an attack surface for indirect prompt injection.
      • Ingestion points: .env files in the current directory and stdout from cloud CLIs.
      • Boundary markers: None specified for protecting the agent prompt from content within .env files.
      • Capability inventory: Full bash execution via pnpx and agent environment manipulation via CLAUDE_ENV_FILE.
      • Sanitization: Uses regex-based redaction patterns, which the documentation admits are 'best-effort' and can be bypassed by complex command structures (pipes/redirections).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 09:59 PM